Poor reporting
It's rather sad how many times this article has been referenced in the media. I've really lost a lot of respect for the guys at Heise after this show.
Two major factors stand out: first, these guys apparently don't know how to read nmap output. Go look at the manual and you'll find out that open|filtered is NOT cause for concern, and does not mean the machine is allowing you access to that port. You could argue that it's not the best design decision on Fyodor's side, but that output does not indicate a flaw in the OS X firewall.
Secondly, it appears that they ran some of their tests from the local machine itself! Looking at my own MacBook's routing table, I see:
192.168.10.185 127.0.0.1 UHS 0 214 lo0
The IP of my wireless interface is routed out the loopback interface. Loopback interfaces, which are virtual, typically are not firewalled, *as they can only be accessed from within the machine itself*. So, flawed testing. Of course things appear open when you test on an unfirewalled interface.
Finally, I don't recall ever seeing anything where the OS X firewall is supposed to block outbound connections. Maybe it's a good idea, maybe it's not, but it's "failure" to do so hardly seems like a major concern to me.
I'll stick with my mac, and get my security news from somebody who knows what he or she is talking about, thanks.;-)